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STATE-56 

SYSTEM NAME: 

Network User Account Records. 

SECURITY CLASSIFICATION: 

Unclassified. 

SYSTEM LOCATION: 

Records are maintained by the 

Department of State in secure facilities 

wherever a domain controller is 

automatically compiling a visitors' log of 

individuals who authenticate to a 

particular server. 

CATEGORIES OF INDIVIDUALS 
COVERED BY THE SYSTEM: 

Department of State employees and 
other organizational users who have 
access to Department of State computer 
networks. 

CATEGORIES OF RECORDS IN 
THE SYSTEM: 

This Privacy Act system consists of the 
network user account records that 
Department information systems, 
applications, and services compile and 
maintain about users of a network. These 
records include user data such as the 
user's name, system-assigned username; 
e-mail address; employee or other user 
identification number; organization 
code; job title; business affiliation; work 
contact information; systems, 
applications, or services to which the 
individual has access; systems, 
applications, or services used; dates, 
times, and durations of use; user profile; 
and IP address of access. The records 
also include system usage files and 
directories when they contain 
information about specific users. 
AUTHORITY FOR MAINTENANCE 
OF THE SYSTEM: 
5U.S.C. 301;44U.S.C. 3544. 
PURPOSE: 



To administer network user accounts; to 
help document and/or control access to 
computer systems, platforms, services, 
applications, and databases within a 
Department network; to monitor security 
of computer systems; to investigate and 
make referrals for disciplinary or other 
actions if unauthorized access or 
inappropriate usage is suspected or 
detected; and to identify the need for 
training programs. 
ROUTINE USES OF RECORDS 
MAINTAINED IN THE SYSTEM, 
INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF 
SUCH USES: 

The routine uses applicable to this 
system of records are published at 73 FR 
40650-40651 (July 15, 2008). 
POLICIES AND PRACTICES FOR 
STORING, RETRIEVING, 
ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN 
THE SYSTEM: 
STORAGE: 

Electronic and paper records. 
RETRIEVABILITY: 

Records are indexed by the user's name, 
system-assigned username; e-mail 
address; or other searchable data fields 
or codes. 
SAFEGUARDS: 

All individuals with access to the records 
covered by this system of records 
receive cyber security awareness training 
which covers the procedures for 
handling classified and Sensitive-but- 
Unclassified information, including 
personally identifiable information. 
Annual refresher training is mandatory. 
Individuals with access undergo a 
background security investigation. All 
paper records are maintained in secured 
filing cabinets or in restricted areas, 
access to which is limited to authorized 
personnel only. Access to electronic 



records is password-protected and under 
the supervision of the information 
owner. Access privileges reflect 
separation of duties and least privilege, 
and are only extended to those 
Department personnel who have a need 
for the records in the performance of 
their duties. Individuals who are 
authorized to examine detailed 
information about the network and 
system usage of specific users are 
assigned privileged system accounts for 
that purpose. When it is determined that 
an individual no longer requires access, 
his or her account is disabled. 
RETENTION AND DISPOSAL: 
See National Archives and Records 
Administration General Records 
Schedule 20. 1 (Files/Records Relating to 
the Creation, Use, and Maintenance of 
Computer Systems, Applications, or 
Electronic Records) and 24.6 (User 
Identification, Profiles, Authorizations, 
and Password Files). Records are deleted 
when no longer needed for 
administrative, legal, audit, or other 
operational purposes. 
SYSTEM MANAGER AND 
ADDRESS: 

Chief Information Officer, Department 
of State, 2201 C Street, NW., 
Washington, DC 20520. 
NOTIFICATION PROCEDURES: 

Individuals who have reason to believe 
that this system of records may contain 
information pertaining to them may 
write the Director, Office of Information 
Programs and Services, Department of 
State, SA-2, 515 22nd Street, NW., 
Washington, DC 20522-8001. At a 
minimum, the individual should include 
the name of this system of records; their 
name, current mailing address, zip code, 
and signature; and a brief description of 
the circumstances that caused the 
individual to believe that the system of 



records contains records pertaining to 
them, including the specific geographic 
locations, overseas missions, or 
individual offices in which the 
individual believes he or she may have 
accessed or is believed to have accessed 
the Department's computer systems. 
RECORD ACCESS AND 
AMENDMENT PROCEDURES: 
Individuals who wish to gain access to 
or amend records pertaining to them 
should write to the Director, Office of 
Information Programs and Services, 
Department of State, SA-2, 515 22nd 
Street, NW., Washington, DC 20522- 
8001. 

RECORD SOURCE CATEGORIES: 

Individuals about whom the record is 
maintained; information systems, 
applications, and services within a 
Department network that record usage 
by individuals assigned a user account 
on that network. 

EXEMPTIONS CLAIMED FOR 
THE SYSTEM: 

None. 



